Bookler
Back to home
LegalBookler

Data Processing Agreement

Last updated: July 12, 2026

This Data Processing Agreement applies whenever a restaurant uses Bookler to handle personal data of its guests. It forms part of our Terms of Service and reflects Article 28 of the GDPR.

Roles of the parties

The restaurant is the controller of its guest and reservation data. Bookler.online is the processor and processes that data only on the documented instructions of the restaurant, including for any transfer to a third country, unless required to do otherwise by EU or member-state law. Using the product as intended counts as an instruction.

Subject matter and duration

The subject matter is the provision of reservation software. Processing lasts as long as the restaurant’s account is active, plus the short period needed to return or delete data afterwards.

Data subjects and categories of data

Data subjects are the restaurant’s guests and its staff users. Categories include name, email address, phone number, reservation date, time and party size, table and seating notes, guest messages, and staff account details. Allergy and dietary notes may qualify as health data, so restaurants should record only what the booking genuinely requires and should not enter other special categories of data into Bookler.

Security measures

Bookler applies appropriate technical and organisational measures, including encryption in transit and at rest, role-based access control, separation of restaurant accounts, hosted checkout so that card numbers never reach our systems, logging of administrative access, and regular backups. Measures are reviewed as the service changes.

Confidentiality

Everyone Bookler authorises to process guest data is bound by confidentiality and is given access only to what their role requires.

Sub-processors

The restaurant gives general written authorisation for the sub-processors listed on our sub-processors page. Each is bound by data-protection obligations equivalent to those in this agreement, and Bookler remains fully liable for their performance. We publish changes to that list and aim to give at least 30 days notice before a new sub-processor starts processing guest data, so a restaurant can object.

International transfers

Where a sub-processor processes guest data outside the European Economic Area, Bookler relies on an adequacy decision, the EU–US Data Privacy Framework, or Standard Contractual Clauses. The safeguard for each provider is listed on the sub-processors page.

Assistance to the restaurant

Taking into account the nature of the processing and the information available to us, Bookler assists the restaurant with requests from guests to access, correct, delete, export, restrict, or object to processing, and with data protection impact assessments and prior consultation where these apply.

Personal data breaches

Bookler notifies the restaurant without undue delay after becoming aware of a personal data breach affecting its data, and provides the information the restaurant needs to meet its own notification duties to its supervisory authority and to affected guests.

Return and deletion

When the account ends, Bookler deletes or returns guest and reservation data within 90 days, except where storage is required by law. A restaurant can also request deletion earlier through our data deletion page.

Audits

Bookler makes available the information needed to demonstrate compliance with Article 28 and allows for audits and inspections by the restaurant or an auditor it mandates, on reasonable notice and normally no more than once a year, unless a breach or a supervisory authority requires otherwise.

How this agreement is accepted

This agreement applies automatically when a restaurant accepts the Terms of Service, so no separate signature is needed. If your organisation needs a signed copy or a version on its own template, email app@bookler.online.

Contact

For questions about this page, email Bookler at app@bookler.online.

Email Bookler

Practical context

These pages are here so restaurants, guests, applicants, and partners can find the right policy and contact route without searching through the product or guessing which team to email.

When to use this page

Use this information when you need to understand Bookler’s legal, privacy, cookie, deletion, or company-contact position before using the website or service, signing up, or sharing operational details.

What to include in a request

Send enough context for us to find the relevant account, restaurant, booking, or website interaction. For most requests, app@bookler.online is the right starting point and keeps the conversation traceable.

How updates are handled

Policies may change as the product, providers, or legal requirements change. The date near the top of the page shows the latest published update, so teams can check whether guidance changed.